From owner-freebsd-current@FreeBSD.ORG Thu Dec 10 18:27:31 2009 Return-Path: Delivered-To: freebsd-current@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3C9B4106566B; Thu, 10 Dec 2009 18:27:31 +0000 (UTC) (envelope-from bp@barryp.org) Received: from itasca.hexavalent.net (itasca.hexavalent.net [67.207.138.180]) by mx1.freebsd.org (Postfix) with ESMTP id 129DD8FC15; Thu, 10 Dec 2009 18:27:30 +0000 (UTC) Received: from barryp.org (host-145-114-107-208.midco.net [208.107.114.145]) by itasca.hexavalent.net (Postfix) with ESMTPS id 0B81E23C4D8; Thu, 10 Dec 2009 12:12:17 -0600 (CST) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=barryp.org; s=itasca; t=1260468737; bh=NcAOkvnTTjr+zmiGynQdrODp2uujB/aCueVFUgGavmo=; h=Message-ID:Date:From:MIME-Version:To:CC:Subject:References: In-Reply-To:Content-Type:Content-Transfer-Encoding; b=QAldEow1XC4R StSut6xksPfbv483A7Sx8EpDUx9hQJtuf0V46/1ia6/6er/MftrHhlcmGsr6kMCjTsP xvP6WyvFDMSIUYAP78SGNPY/B0E/ykCSeUqGfKGu5Uon32UJ5XR3GwKedGMQTcwz09N 8Rnnc9bBYnXt33xIEdurR6038= Received: from octane.med.und.nodak.edu ([134.129.166.23]) by barryp.org with esmtpsa (TLSv1:CAMELLIA256-SHA:256) (Exim 4.67 (FreeBSD)) (envelope-from ) id 1NInUs-000HkV-W5; Thu, 10 Dec 2009 12:12:15 -0600 Message-ID: <4B2139FE.8020200@barryp.org> Date: Thu, 10 Dec 2009 12:12:14 -0600 From: Barry Pederson User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1.5) Gecko/20091204 Thunderbird/3.0 MIME-Version: 1.0 To: Pawel Jakub Dawidek References: <200911102227.nAAMRXTf073603@svn.freebsd.org> <20091110224524.GC3194@garage.freebsd.pl> In-Reply-To: <20091110224524.GC3194@garage.freebsd.pl> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-fs@FreeBSD.org, freebsd-current@FreeBSD.org Subject: Re: HEADS UP: Important bug fix in ZFS replay code! X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 10 Dec 2009 18:27:31 -0000 On 11/10/09 4:45 PM, Pawel Jakub Dawidek wrote: > Hi. > > There was important bug in ZFS replay code. If there were setattr logs > (not related to permission change) in ZIL during unclean shutdown, one > can end up with files that have mode set to 07777. > > This is very dangerous, especially if you have untrusted local users, as > this will set setuid bit on such files. Note that FreeBSD will remove > setuid bits when someone will try to modify the file, but it is still > dangerous. > > You can locate such files with the following command: > > # find / -perm -7777 -print0 | xargs -0 ls -ld > > You can locate and fix such files with the following command: > > # find / -perm -7777 -print0 | xargs -0 chmod a-s,o-w,-t I just noticed this fix didn't make it into 8.0, I just had an 8.0-RELEASE-p1 machine crash and come back with a bunch of 07777 files. Maybe this should be documented as an errata or security advisory. Barry